RM-1959: User can add/remove relationship to/from record he has read-only permissions for
* integration tests * small fix to service implementation git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.3@97950 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -1585,8 +1585,8 @@
|
||||
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.existsRelationshipDefinition=RM_ALLOW
|
||||
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.getRelationshipsFrom=RM_ALLOW
|
||||
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.getRelationshipsTo=RM_ALLOW
|
||||
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.addRelationship=RM_ALLOW
|
||||
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.removeRelationship=RM_ALLOW
|
||||
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.addRelationship=RM_CAP.1.rma:filePlanComponent.ChangeOrDeleteReferences,RM_CAP.2.rma:filePlanComponent.ChangeOrDeleteReferences
|
||||
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.removeRelationship=RM_CAP.1.rma:filePlanComponent.ChangeOrDeleteReferences,RM_CAP.2.rma:filePlanComponent.ChangeOrDeleteReferences
|
||||
org.alfresco.module.org_alfresco_module_rm.relationship.RelationshipService.*=RM_DENY
|
||||
]]>
|
||||
</value>
|
||||
|
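Review bot: `getRelationshipsFrom` and `getRelationshipsTo` remain on `RM_ALLOW`, so listing relationships is still not tied to any permission on the node passed in or on the records at the other end, even though add/remove now require `ChangeOrDeleteReferences` on arguments 1 and 2. If nothing downstream filters the returned list (not visible in this hunk), a caller could learn the node references of records they cannot read. Consider binding both getters to a read check on argument 0, e.g. `...RelationshipService.getRelationshipsFrom=RM.Read.0` if the module's read policy fits here. An XML comment above this `<value>` stating that indexes 1 and 2 are the source and target NodeRefs of `addRelationship`/`removeRelationship` would also help, because the entries are positional and keyed by method name only.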
@@ -30,16 +30,6 @@ import org.alfresco.service.cmr.repository.NodeRef;
|
||||
*/
|
||||
public class ChangeOrDeleteReferencesCapability extends DeclarativeCapability
|
||||
{
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability#evaluateImpl(org.alfresco.service.cmr.repository.NodeRef)
|
||||
*/
|
||||
@Override
|
||||
protected int evaluateImpl(NodeRef nodeRef)
|
||||
{
|
||||
// Can't be sure, because we don't have information about the target so we still abstain
|
||||
return AccessDecisionVoter.ACCESS_ABSTAIN;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
|
||||
*/
|
||||
|
@@ -629,10 +629,13 @@ public class RelationshipServiceImpl extends RecordsManagementAdminBase implemen
|
||||
for (AssociationRef associationRef : associationRefs)
|
||||
{
|
||||
String uniqueName = associationRef.getTypeQName().getLocalName();
|
||||
if (existsRelationshipDefinition(uniqueName))
|
||||
{
|
||||
NodeRef from = associationRef.getSourceRef();
|
||||
NodeRef to = associationRef.getTargetRef();
|
||||
relationships.add(new RelationshipImpl(uniqueName, from, to));
|
||||
}
|
||||
}
|
||||
|
||||
return relationships;
|
||||
}
|
||||
@@ -650,10 +653,13 @@ public class RelationshipServiceImpl extends RecordsManagementAdminBase implemen
|
||||
for (ChildAssociationRef childAssociationRef : childAssociationRefs)
|
||||
{
|
||||
String uniqueName = childAssociationRef.getQName().getLocalName();
|
||||
if (existsRelationshipDefinition(uniqueName))
|
||||
{
|
||||
NodeRef from = childAssociationRef.getParentRef();
|
||||
NodeRef to = childAssociationRef.getChildRef();
|
||||
relationships.add(new RelationshipImpl(uniqueName, from, to));
|
||||
}
|
||||
}
|
||||
|
||||
return relationships;
|
||||
}
|
||||
|
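Review bot: The new guard `if (existsRelationshipDefinition(uniqueName))` tests only the local name, because `uniqueName` comes from `getTypeQName().getLocalName()` in the first loop and `getQName().getLocalName()` in the child-association loop. An association from another namespace that shares a local name with a relationship definition would therefore still be returned as a relationship, assuming `existsRelationshipDefinition` looks up by that name alone (its body is not shown). Consider also checking the QName's namespace before building the `RelationshipImpl`, and record the reason for the filter with a comment such as `// skip associations that are not RM relationship definitions`. Both enclosing methods start outside these hunks.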
@@ -0,0 +1,210 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2014 Alfresco Software Limited.
|
||||
*
|
||||
* This file is part of Alfresco
|
||||
*
|
||||
* Alfresco is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Alfresco is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public License
|
||||
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.alfresco.module.org_alfresco_module_rm.test.integration.relationship;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
|
||||
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.permissions.AccessDeniedException;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.util.GUID;
|
||||
|
||||
/**
|
||||
* Create relationship integration test.
|
||||
*
|
||||
* @author Roy Wetherall
|
||||
* @since 2.3
|
||||
*/
|
||||
public class CreateRelationshipTest extends BaseRMTestCase
|
||||
{
|
||||
public void testReadOnlyPermissionOnSource() throws Exception
|
||||
{
|
||||
doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
|
||||
{
|
||||
/** test data */
|
||||
private String roleName = GUID.generate();
|
||||
private String user = GUID.generate();
|
||||
private NodeRef sourceRecordCategory;
|
||||
private NodeRef targetRecordCategory;
|
||||
private NodeRef sourceRecordFolder;
|
||||
private NodeRef targetRecordFolder;
|
||||
private NodeRef sourceRecord;
|
||||
private NodeRef targetRecord;
|
||||
|
||||
public void given() throws Exception
|
||||
{
|
||||
// test entities
|
||||
sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
|
||||
sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
|
||||
targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
|
||||
targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
|
||||
|
||||
// create role
|
||||
Set<Capability> capabilities = new HashSet<Capability>(2);
|
||||
capabilities.add(capabilityService.getCapability("ViewRecords"));
|
||||
capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
|
||||
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
|
||||
|
||||
// create user and assign to role
|
||||
createPerson(user, true);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
|
||||
}
|
||||
|
||||
public void when()
|
||||
{
|
||||
// assign permissions
|
||||
filePlanPermissionService.setPermission(sourceRecord, user, RMPermissionModel.READ_RECORDS);
|
||||
filePlanPermissionService.setPermission(targetRecord, user, RMPermissionModel.FILING);
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
|
||||
{
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
|
||||
return null;
|
||||
}
|
||||
}, user);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public void testReadOnlyPermissionOnTarget() throws Exception
|
||||
{
|
||||
doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
|
||||
{
|
||||
/** test data */
|
||||
private String roleName = GUID.generate();
|
||||
private String user = GUID.generate();
|
||||
private NodeRef sourceRecordCategory;
|
||||
private NodeRef targetRecordCategory;
|
||||
private NodeRef sourceRecordFolder;
|
||||
private NodeRef targetRecordFolder;
|
||||
private NodeRef sourceRecord;
|
||||
private NodeRef targetRecord;
|
||||
|
||||
public void given() throws Exception
|
||||
{
|
||||
// test entities
|
||||
sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
|
||||
sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
|
||||
targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
|
||||
targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
|
||||
|
||||
// create role
|
||||
Set<Capability> capabilities = new HashSet<Capability>(2);
|
||||
capabilities.add(capabilityService.getCapability("ViewRecords"));
|
||||
capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
|
||||
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
|
||||
|
||||
// create user and assign to role
|
||||
createPerson(user, true);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
|
||||
|
||||
}
|
||||
|
||||
public void when()
|
||||
{
|
||||
// assign permissions
|
||||
filePlanPermissionService.setPermission(sourceRecord, user, RMPermissionModel.FILING);
|
||||
filePlanPermissionService.setPermission(targetRecord, user, RMPermissionModel.READ_RECORDS);
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
|
||||
{
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
|
||||
return null;
|
||||
}
|
||||
}, user);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public void testFillingPermissionOnSourceAndTarget() throws Exception
|
||||
{
|
||||
doBehaviourDrivenTest(new BehaviourDrivenTest()
|
||||
{
|
||||
/** test data */
|
||||
private String roleName = GUID.generate();
|
||||
private String user = GUID.generate();
|
||||
private NodeRef sourceRecordCategory;
|
||||
private NodeRef targetRecordCategory;
|
||||
private NodeRef sourceRecordFolder;
|
||||
private NodeRef targetRecordFolder;
|
||||
private NodeRef sourceRecord;
|
||||
private NodeRef targetRecord;
|
||||
|
||||
public void given() throws Exception
|
||||
{
|
||||
// test entities
|
||||
sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
|
||||
sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
|
||||
targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
|
||||
targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
|
||||
|
||||
// create role
|
||||
Set<Capability> capabilities = new HashSet<Capability>(2);
|
||||
capabilities.add(capabilityService.getCapability("ViewRecords"));
|
||||
capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
|
||||
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
|
||||
|
||||
// create user and assign to role
|
||||
createPerson(user, true);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
|
||||
}
|
||||
|
||||
public void when()
|
||||
{
|
||||
// assign permissions
|
||||
filePlanPermissionService.setPermission(sourceRecordCategory, user, RMPermissionModel.FILING);
|
||||
filePlanPermissionService.setPermission(targetRecordCategory, user, RMPermissionModel.FILING);
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
|
||||
{
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
|
||||
return null;
|
||||
}
|
||||
}, user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void then() throws Exception
|
||||
{
|
||||
// assert that the relationship exists
|
||||
assertEquals(1, relationshipService.getRelationshipsFrom(sourceRecord).size());
|
||||
assertEquals(0, relationshipService.getRelationshipsTo(sourceRecord).size());
|
||||
assertEquals(0, relationshipService.getRelationshipsFrom(targetRecord).size());
|
||||
assertEquals(1, relationshipService.getRelationshipsTo(targetRecord).size());
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
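Review bot: No test covers a user who has filing permission on both records but whose role lacks `ChangeOrDeleteReferences`. Every role built in `given()` includes that capability, so the capability half of the new `RM_CAP` binding is never shown to deny anything. The `removeRelationship` tests added to DeleteRelationshipTest have the same gap. A fourth case along the lines below would close it. Separately, `testFillingPermissionOnSourceAndTarget` looks like a typo for "Filing", and the three identical `given()` bodies could move into one shared helper.

```java
public void testFilingPermissionWithoutCapability() throws Exception
{
    doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
    {
        // … unchanged: test data fields as in the other tests …

        public void given() throws Exception
        {
            // … unchanged: create source and target category, folder and record …

            // role deliberately lacks ChangeOrDeleteReferences
            Set<Capability> capabilities = new HashSet<Capability>(1);
            capabilities.add(capabilityService.getCapability("ViewRecords"));
            filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);

            // … unchanged: create user and assign to role …
        }

        public void when()
        {
            // filing permission on both ends, so only the capability check can deny
            filePlanPermissionService.setPermission(sourceRecordCategory, user, RMPermissionModel.FILING);
            filePlanPermissionService.setPermission(targetRecordCategory, user, RMPermissionModel.FILING);

            // … unchanged: runAs(user) calling addRelationship("crossreference", sourceRecord, targetRecord) …
        }
    });
}
```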
@@ -19,9 +19,15 @@
|
||||
|
||||
package org.alfresco.module.org_alfresco_module_rm.test.integration.relationship;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
|
||||
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.relationship.Relationship;
|
||||
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.permissions.AccessDeniedException;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.util.GUID;
|
||||
|
||||
@@ -73,5 +79,182 @@ public class DeleteRelationshipTest extends BaseRMTestCase
|
||||
});
|
||||
}
|
||||
|
||||
public void testReadOnlyPermissionOnSource() throws Exception
|
||||
{
|
||||
doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
|
||||
{
|
||||
/** test data */
|
||||
private String roleName = GUID.generate();
|
||||
private String user = GUID.generate();
|
||||
private NodeRef sourceRecordCategory;
|
||||
private NodeRef targetRecordCategory;
|
||||
private NodeRef sourceRecordFolder;
|
||||
private NodeRef targetRecordFolder;
|
||||
private NodeRef sourceRecord;
|
||||
private NodeRef targetRecord;
|
||||
|
||||
public void given() throws Exception
|
||||
{
|
||||
// test entities
|
||||
sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
|
||||
sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
|
||||
targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
|
||||
targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
|
||||
|
||||
// create role
|
||||
Set<Capability> capabilities = new HashSet<Capability>(2);
|
||||
capabilities.add(capabilityService.getCapability("ViewRecords"));
|
||||
capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
|
||||
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
|
||||
|
||||
// create user and assign to role
|
||||
createPerson(user, true);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
|
||||
|
||||
// add relationship
|
||||
relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
|
||||
}
|
||||
|
||||
public void when()
|
||||
{
|
||||
// assign permissions
|
||||
filePlanPermissionService.setPermission(sourceRecord, user, RMPermissionModel.READ_RECORDS);
|
||||
filePlanPermissionService.setPermission(targetRecord, user, RMPermissionModel.FILING);
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
|
||||
{
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
relationshipService.removeRelationship("crossreference", sourceRecord, targetRecord);
|
||||
return null;
|
||||
}
|
||||
}, user);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public void testReadOnlyPermissionOnTarget() throws Exception
|
||||
{
|
||||
doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
|
||||
{
|
||||
/** test data */
|
||||
private String roleName = GUID.generate();
|
||||
private String user = GUID.generate();
|
||||
private NodeRef sourceRecordCategory;
|
||||
private NodeRef targetRecordCategory;
|
||||
private NodeRef sourceRecordFolder;
|
||||
private NodeRef targetRecordFolder;
|
||||
private NodeRef sourceRecord;
|
||||
private NodeRef targetRecord;
|
||||
|
||||
public void given() throws Exception
|
||||
{
|
||||
// test entities
|
||||
sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
|
||||
sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
|
||||
targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
|
||||
targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
|
||||
|
||||
// create role
|
||||
Set<Capability> capabilities = new HashSet<Capability>(2);
|
||||
capabilities.add(capabilityService.getCapability("ViewRecords"));
|
||||
capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
|
||||
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
|
||||
|
||||
// create user and assign to role
|
||||
createPerson(user, true);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
|
||||
|
||||
// create relationship
|
||||
relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
|
||||
}
|
||||
|
||||
public void when()
|
||||
{
|
||||
// assign permissions
|
||||
filePlanPermissionService.setPermission(sourceRecord, user, RMPermissionModel.FILING);
|
||||
filePlanPermissionService.setPermission(targetRecord, user, RMPermissionModel.READ_RECORDS);
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
|
||||
{
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
relationshipService.removeRelationship("crossreference", sourceRecord, targetRecord);
|
||||
return null;
|
||||
}
|
||||
}, user);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public void testFillingPermissionOnSourceAndTarget() throws Exception
|
||||
{
|
||||
doBehaviourDrivenTest(new BehaviourDrivenTest()
|
||||
{
|
||||
/** test data */
|
||||
private String roleName = GUID.generate();
|
||||
private String user = GUID.generate();
|
||||
private NodeRef sourceRecordCategory;
|
||||
private NodeRef targetRecordCategory;
|
||||
private NodeRef sourceRecordFolder;
|
||||
private NodeRef targetRecordFolder;
|
||||
private NodeRef sourceRecord;
|
||||
private NodeRef targetRecord;
|
||||
|
||||
public void given() throws Exception
|
||||
{
|
||||
// test entities
|
||||
sourceRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
sourceRecordFolder = recordFolderService.createRecordFolder(sourceRecordCategory, GUID.generate());
|
||||
sourceRecord = utils.createRecord(sourceRecordFolder, GUID.generate());
|
||||
targetRecordCategory = filePlanService.createRecordCategory(filePlan, GUID.generate());
|
||||
targetRecordFolder = recordFolderService.createRecordFolder(targetRecordCategory, GUID.generate());
|
||||
targetRecord = utils.createRecord(targetRecordFolder, GUID.generate());
|
||||
|
||||
// create role
|
||||
Set<Capability> capabilities = new HashSet<Capability>(2);
|
||||
capabilities.add(capabilityService.getCapability("ViewRecords"));
|
||||
capabilities.add(capabilityService.getCapability("ChangeOrDeleteReferences"));
|
||||
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
|
||||
|
||||
// create user and assign to role
|
||||
createPerson(user, true);
|
||||
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
|
||||
|
||||
// create relationship
|
||||
relationshipService.addRelationship("crossreference", sourceRecord, targetRecord);
|
||||
}
|
||||
|
||||
public void when()
|
||||
{
|
||||
// assign permissions
|
||||
filePlanPermissionService.setPermission(sourceRecordCategory, user, RMPermissionModel.FILING);
|
||||
filePlanPermissionService.setPermission(targetRecordCategory, user, RMPermissionModel.FILING);
|
||||
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
|
||||
{
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
relationshipService.removeRelationship("crossreference", sourceRecord, targetRecord);
|
||||
return null;
|
||||
}
|
||||
}, user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void then() throws Exception
|
||||
{
|
||||
// assert that the relationship exists
|
||||
assertEquals(0, relationshipService.getRelationshipsFrom(sourceRecord).size());
|
||||
assertEquals(0, relationshipService.getRelationshipsTo(sourceRecord).size());
|
||||
assertEquals(0, relationshipService.getRelationshipsFrom(targetRecord).size());
|
||||
assertEquals(0, relationshipService.getRelationshipsTo(targetRecord).size());
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
}
|
||||
|
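Review bot: The comment `// assert that the relationship exists` in `then()` of `testFillingPermissionOnSourceAndTarget` contradicts the assertions below it, which all expect a size of 0; it should read `// assert that the relationship has been removed`. The two read-only tests rely solely on the expected `AccessDeniedException` and never check that the relationship created in `given()` is still present afterwards. If the test harness allows assertions after an expected exception, adding `assertEquals(1, relationshipService.getRelationshipsFrom(sourceRecord).size());` would show that the denied call removed nothing. The second hunk opens inside the class, after an earlier test whose body is outside the hunk.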
@@ -31,6 +31,7 @@ import org.junit.runners.Suite.SuiteClasses;
|
||||
@RunWith(Suite.class)
|
||||
@SuiteClasses(
|
||||
{
|
||||
CreateRelationshipTest.class,
|
||||
DeleteRelationshipTest.class
|
||||
})
|
||||
public class RelationshipTestSuite
|
||||
|